BTCPayServer.NTag424.PCSC
1.0.14
See the version list below for details.
dotnet add package BTCPayServer.NTag424.PCSC --version 1.0.14
NuGet\Install-Package BTCPayServer.NTag424.PCSC -Version 1.0.14
<PackageReference Include="BTCPayServer.NTag424.PCSC" Version="1.0.14" />
paket add BTCPayServer.NTag424.PCSC --version 1.0.14
#r "nuget: BTCPayServer.NTag424.PCSC, 1.0.14"
// Install BTCPayServer.NTag424.PCSC as a Cake Addin #addin nuget:?package=BTCPayServer.NTag424.PCSC&version=1.0.14 // Install BTCPayServer.NTag424.PCSC as a Cake Tool #tool nuget:?package=BTCPayServer.NTag424.PCSC&version=1.0.14
BTCPayServer.BoltCardTools
Introduction
This repository hosts tools that help with the creation of Bolt Cards.
Content:
- BTCPayServer.NTag424 is the base library implementing the NTag424 protocol, this library is platform agnostic.
- BTCPayServer.NTag424.PCSC is a library implementing APDU transport via PCSC-Sharp for supporting Windows/Linux/Mac.
We tested the following smart card reader:
Examples
How to read the UID of an NTag 424 smart card
Plug in a smart card reader, and place an NTag 424 smart card on it.
Reference the nuget package BTCPayServer.NTag424.PCSC in your project.
dotnet add package BTCPayServer.NTag424.PCSC
Then to use it:
using BTCPayServer.NTag424;
using BTCPayServer.NTag424.PCSC;
using System;
using var ctx = await PCSCContext.WaitForCard();
var ntag = ctx.CreateNTag424();
var key = AESKey.Default;
await ntag.AuthenticateEV2First(0, key);
var id = await ntag.GetCardUID();
var idStr = Convert.ToHexString(id, 0, id.Length).ToLowerInvariant();
Console.WriteLine($"Card UID: {idStr}");
How to read the NDEF message of an NTag 424 smart card
using BTCPayServer.NTag424.PCSC;
using System;
using var ctx = await PCSCContext.WaitForCard();
var ntag = ctx.CreateNTag424();
var uri = await ntag.TryReadNDefURI();
Console.WriteLine($"Card URI: {uri}");
How to verify the signature of an NTag 424 smart card
using BTCPayServer.NTag424;
using BTCPayServer.NTag424.PCSC;
using System;
using System.Security;
using System.Collections;
using var ctx = await PCSCContext.WaitForCard();
var ntag = ctx.CreateNTag424();
// In prod: var issuerKey = IssuerKey.Random();
var issuerKey = new IssuerKey("00000000000000000000000000000001".HexToBytes());
// In prod: var cardKey = CardKey.Random();
var cardKey = new CardKey("00000000000000000000000000000002".HexToBytes());
// First time authenticate is with the default 00000000000000000000000000000000 key
await ntag.AuthenticateEV2First(0, AESKey.Default);
var uid = await ntag.GetCardUID();
var keys = cardKey.DeriveBoltcardKeys(issuerKey, uid);
await ntag.SetupBoltcard("lnurlw://blahblah.com", BoltcardKeys.Default, keys);
var uri = await ntag.TryReadNDefURI();
var piccData = issuerKey.TryDecrypt(uri);
if (piccData is null)
throw new SecurityException("Impossible to decrypt with issuerKey");
// In production, you would fetch the card key from database
// var cardKey = await GetCardKey(issuerKey.GetId(piccData.Uid));
if (!cardKey.CheckSunMac(uri, piccData))
throw new SecurityException("Impossible to decrypt with issuerKey");
await ntag.ResetCard(issuerKey, cardKey);
// If this method didn't throw an exception, it has been successfully decrypted and authenticated.
// You can reset the card with `await ntag.ResetCard(issuerKey, cardKey);`.
How to setup a bolt card
using BTCPayServer.NTag424;
using BTCPayServer.NTag424.PCSC;
using System;
using System.Collections;
using var ctx = await PCSCContext.WaitForCard();
var ntag = ctx.CreateNTag424();
// Example with hard coded keys
var keys = new BoltcardKeys(
AppMasterKey: new AESKey("00000000000000000000000000000001".HexToBytes()),
EncryptionKey: new AESKey("00000000000000000000000000000002".HexToBytes()),
AuthenticationKey: new AESKey("00000000000000000000000000000003".HexToBytes()),
K3: new AESKey("00000000000000000000000000000004".HexToBytes()),
K4: new AESKey("00000000000000000000000000000005".HexToBytes()));
var lnurlwService = "lnurlw://test.com";
// Note `BoltcardKeys.Default` assumes the card hasn't been setup yet.
// If it was not the case, you would need to provide the access keys you provided during the last setup.
await ntag.SetupBoltcard(lnurlwService, BoltcardKeys.Default, keys);
// You can reset the card to its factory state with `await ntag.ResetCard(keys);`
How to setup a bolt card with deterministic keys, and decrypt the PICCData
Deterministic keys simplifies the management of Boltcard by removing the need to store the keys of each Boltcards in a database.
Here is an example of how to setup a card with deterministic keys, and decrypt the PICCData.
using var ctx = await PCSCContext.WaitForCard();
var ntag = ctx.CreateNTag424();
var issuerKey = new IssuerKey("00000000000000000000000000000001".HexToBytes());
// First time authenticate is with the default 00.000 key
await ntag.AuthenticateEV2First(0, AESKey.Default);
var uid = await ntag.GetCardUID();
//var nonce = IssuerKey.RandomNonce();
var nonce = new byte[16]; // Please use IssuerKey.RandomNonce() in production
// SaveNonce should be implemented by the server
await SaveNonce(issuerKey.GetId(uid), nonce);
var keys = issuerKey.DeriveBoltcardKeys(uid, nonce);
await ntag.SetupBoltcard("lnurlw://blahblah.com", BoltcardKeys.Default, keys);
var uri = await ntag.TryReadNDefURI();
var piccData = issuerKey.TryDecrypt(uri);
if (piccData == null)
throw new SecurityException("Impossible to decrypt with issuerKey");
// In real life, you would fetch the nonce from database
// var nonce = await FetchNonce(issuerKey.GetId(piccData.Uid));
if (!issuerKey.CheckSunMac(uri, piccData, nonce))
throw new SecurityException("Impossible to check the SUN MAC");
// If this method didn't throw an exception, it has been successfully decrypted and authenticated.
// You can reset the card with `await ntag.ResetCard(issuerKey, nonce);`.
License
MIT
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net6.0
- BTCPayServer.NTag424 (>= 1.0.15)
- PCSC (>= 6.1.3)
- PCSC.Iso7816 (>= 6.1.3)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories (1)
Showing the top 1 popular GitHub repositories that depend on BTCPayServer.NTag424.PCSC:
Repository | Stars |
---|---|
btcpayserver/BTCPayServer.Vault
Sign with software or hardware wallets
|
Version | Downloads | Last updated |
---|---|---|
1.0.21 | 102 | 9/4/2024 |
1.0.20 | 134 | 4/24/2024 |
1.0.19 | 137 | 2/8/2024 |
1.0.18 | 430 | 12/21/2023 |
1.0.17 | 122 | 12/21/2023 |
1.0.16 | 226 | 12/8/2023 |
1.0.15 | 228 | 10/25/2023 |
1.0.14 | 155 | 10/24/2023 |
1.0.13 | 162 | 10/24/2023 |
1.0.12 | 146 | 10/24/2023 |
1.0.11 | 212 | 10/23/2023 |
1.0.10 | 161 | 10/22/2023 |
1.0.9 | 148 | 10/22/2023 |
1.0.8 | 158 | 10/21/2023 |
1.0.7 | 132 | 10/20/2023 |
1.0.6 | 136 | 10/20/2023 |
1.0.5 | 150 | 10/20/2023 |
1.0.4 | 145 | 10/20/2023 |
1.0.3 | 140 | 10/20/2023 |
1.0.1 | 152 | 10/6/2023 |
1.0.0 | 126 | 10/4/2023 |